In this interview, I talk with David Balaban, a cybersecurity specialist.
To learn more about the topic, read the interview with Liran Tal.
Asynchronous callback functions can be invoked through the likes of the setTimeout method, and the XMLHttpRequest object statistically conceals the bulk of treacherous JS errors.
The trio can fuel malware propagation, identity theft, and account takeover.
All instruments that assess the JS code for errors and vulnerabilities fall under one of the following categories:
Static analysis tools. Their purpose is to inspect the code for compliance with web development best practices. They help tidy up your code by pinpointing redundant strings and scrutinizing dependencies between JS functions, Cascading Style Sheets (CSS), HTML tags, and images. My personal favorites include WARI, JSLint, Google Closure Compiler, and WebScent.
Solutions for dynamic JS code analysis. These traverse your code for anti-patterns and help you better understand the ties between components and events they trigger. I prefer utilities called DOMPletion, JSNose, and Clematis.
To learn more about the topic, I recommend checking out the OWASP Top Ten, as it lists the main threats and explains them in great detail.